Here's Stephen Howes, founder and CTO of GrIDsure. He's actually taken the trouble to create an interesting portrait picture, which puts him way way way out ahead of the rest of the frankly unimaginative crowd who populate Infosec.
He's won this column over already! Let's see what he's got to say for himself.
Is this your first time at Infosec?
This is our fourth year
Where are you? Prominently displayed? Or stuck in the exhibition wilderness at the back of the hall?
Stand G94, next to the Technology show centre
Have you got anything to lure punters to your stand?
"Challenge The GrID"
We are so confident of the strength of our authentication product, that if you can guess our Personal Identification Pattern (PIP), you can win an Aston Martin.
Plus a daily draw for a remote control Aston as well.
Have you got a good story to tell resellers?
Easy to use, easy to remember, nothing to lose
What problem are you solving for the end user? What was the cause of this problem? How are you tackling it?
Forgotten, lost, stolen passwords
How did you develop this invention?
The GS solution was invented at the end of 2005 and the company formed in 2006.
Company took on private funding in 2007. Now 20 people based in office in Huntingdon near Cambridge.
Patents filed in a number of countries, several already granted.
I was an IT professional with nearly 30 years' experience developing IT solutions in a variety of industry verticals. The invention stemmed from the question "How can you create a one-time code without the need to carry a device?"
Why are you different from all the other solutions out there?
Different because you don't need to carry technology in your pocket.
Too many others are using technology to deal with the problem because humans are often the weakest link in any authentication scenario. However, GS are using the natural technique of shape and pattern recognition (something that people are naturally attuned to) to help them generate a one-time code.
What's the most over used term in IT security?
Many people think that the only strong and effective security is a token. This is not true. Token devices are costly and inconvenient, and security is compromised as soon as the user keeps his token in his laptop bag. The recent RSA hack has also highlighted a huge set of vulnerabilities.
What's the most mis-used term in IT security?
2-Factor Authentication = Strong Authentication
People are often taught to think that 2FA = Secure authentication. This is not necessarily true.
People should be thinking about 'Strong Authentication', which may or may not necessarily be two-factor. GrIDsure offers both options, but it should be remembered that some strong single-factor solutions may well be stronger than poorly delivered two-factor solutions.
At the end of the day, the first step is to choose a solution that is secure and effective for the risk that you are trying to cover and the profile of your end-user. This may or may not need to be 2FA.
What's the most under valued term in IT security?
Usability - Many security solutions forget the needs and the ability of the end user... If a solution is overly complex or difficult to use, then people will naturally find shortcuts, which often result in severely compromised security.
What's the biggest lesson you have learned in IT?
KISS - Keep It Simple Stupid
As Einstein once said, "Everything should be made as simple as possible, but not simpler."
Why does EVERYBODY in IT talk about 'thinking outside the box'? Isn't it time a maverick started thinking inside the box?
There is nothing wrong with thinking outside the box... The mistake, however, is to think that a solution has to be complex to be any good... Again, as Einstein said, "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."